CN106295348A - The leak detection method of application program and device - Google Patents
The leak detection method of application program and device Download PDFInfo
- Publication number
- CN106295348A CN106295348A CN201510289736.XA CN201510289736A CN106295348A CN 106295348 A CN106295348 A CN 106295348A CN 201510289736 A CN201510289736 A CN 201510289736A CN 106295348 A CN106295348 A CN 106295348A
- Authority
- CN
- China
- Prior art keywords
- function
- application program
- cfg
- leak
- branch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses leak detection method and the device of a kind of application program.Wherein, the method includes: the installation file of application program to be detected is converted to code file;Obtaining the description information of specified function, wherein, described specified function is the function for reflecting appointment behavior;According to described description information, determine in described code file and specify the first kind function describing information matches, and according to described first kind function, the leak of described application program being detected.By technique scheme, solve Hole Detection scheme and have that efficiency is low and the incomplete technical problem of testing result.
Description
Technical field
The present invention relates to Hole Detection field, in particular to leak detection method and the device of a kind of application program.
Background technology
Along with the fast development of intelligent mobile terminal, application program based on Mobile operating system also emerges in an endless stream, but,
Owing to developer is numerous, application program is inevitably present security breaches.Such as, at Android application program
In the leak existed, having a class to affect the wider leak in face is exactly Java null pointer (Null Pointer) refusal clothes
Business (Denial Of Service, referred to as DOS) leak (hereinafter referred to as DOS leak).Mostly this class leak is
Due to the program improper program crashing caused of processing parameter calling some systems API when, cause normal function without
Method uses thus causes DOS.
The major way detecting this kind of leak at present is fuzz testing (Fuzz Testing), i.e. by target program
Institute's likely entrance sends random data, and whether observation program there will be exception.As it is shown in figure 1, Fuzz monitors journey
The principle whether sequence exists leak is as follows;
It is read into Fuzz framework (framework) for making the sample (sample) distorted, gives conversion by analysis
Module (mutation) carries out randomized variation, passes to target program by bridging part (bridge) afterwards
(target), now destination application operates on the platform (Platform runtime) of oneself, Fuzz framework
By the running status of monitoring modular (monitor) monitoring objective application program, when noting abnormalities, recorded daily record
(logger) in.
This mode is owing to relying on the concrete implementation status of program, it is impossible to ensures to travel through the code branch of all programs, sends out
Now leak is inefficient, and may produce hundreds of the most thousands of Fuzz use-cases, even if mesh being detected due to per second
It is abnormal to determine point that leak specifically exists and can produce that the exception of beacon course sequence is also required to spend a lot of energy to reappear
Impact.And owing to target program is to perform on target platform, some deep program branch is difficult to be searched
Arrive.
For above-mentioned problem, effective solution is the most not yet proposed.
Summary of the invention
Embodiments provide leak detection method and the device of a kind of application program, at least to solve Hole Detection
Scheme exists that efficiency is low and the technical problem such as testing result is the most comprehensive.
An aspect according to embodiments of the present invention, it is provided that the leak detection method of a kind of application program, including: will
The installation file of application program to be detected is converted to code file;Obtain the description information of specified function, wherein, described
Specified function is the function for reflecting appointment behavior;According to described description information, determine in described code file with
Specify the first kind function describing information matches, and according to described first kind function, the leak of described application program is carried out
Detection.
Another aspect according to embodiments of the present invention, additionally provides the Hole Detection device of a kind of application program, including:
Modular converter, for being converted to code file by the installation file of application program to be detected;Acquisition module, is used for obtaining
The description information of specified function, wherein, described specified function is the function for reflecting appointment behavior;Detection module,
For according to described description information, determine in described code file and specify the first kind function describing information matches,
And according to described first kind function, the leak of described application program is detected.
In embodiments of the present invention, the installation file of application program is converted to code file and from this code file by employing
Middle lookup is for reflecting the function of appointment behavior, and describes the first kind letter of information matches according to the information of description and appointment
Several modes detecting the leak of application program, have reached to carry out the mesh of Hole Detection by the way of static analysis
, simultaneously as be to detect based on the code file of application program, can be to each in code file
Branch carries out traversal detection, therefore, it can so that testing result is more comprehensive, and then solves Hole Detection scheme and deposit
The technical problem such as efficiency is low and testing result is the most comprehensive.
Accompanying drawing explanation
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this
Bright schematic description and description is used for explaining the present invention, is not intended that inappropriate limitation of the present invention.At accompanying drawing
In:
Fig. 1 is a kind of principle schematic utilizing Fuzz monitoring application program according to correlation technique;
Fig. 2 is the hard of the terminal of a kind of leak detection method for realizing application program of the embodiment of the present invention
Part structured flowchart;
Fig. 3 is the schematic diagram of the leak detection method of a kind of optional application program according to embodiments of the present invention;
Fig. 4 is the generation process schematic of an a kind of optional CFG according to embodiments of the present invention;
Fig. 5 is the schematic diagram of a kind of CFG according to embodiments of the present invention;
Fig. 6 is another schematic diagram of the leak detection method of a kind of optional application program according to embodiments of the present invention;
Fig. 7 is the schematic diagram of the Hole Detection device of a kind of optional application program according to embodiments of the present invention;
Fig. 8 is another schematic diagram of the Hole Detection device of a kind of optional application program according to embodiments of the present invention;
Fig. 9 is the structured flowchart of a kind of terminal according to embodiments of the present invention.
Detailed description of the invention
In order to make those skilled in the art be more fully understood that the present invention program, below in conjunction with in the embodiment of the present invention
Accompanying drawing, is clearly and completely described the technical scheme in the embodiment of the present invention, it is clear that described embodiment
It is only the embodiment of a present invention part rather than whole embodiments.Based on the embodiment in the present invention, ability
The every other embodiment that territory those of ordinary skill is obtained under not making creative work premise, all should belong to
The scope of protection of the invention.
It should be noted that term " first " in description and claims of this specification and above-mentioned accompanying drawing, "
Two " it is etc. for distinguishing similar object, without being used for describing specific order or precedence.Should be appreciated that this
Sample use data can exchange in the appropriate case, in order to embodiments of the invention described herein can with except
Here the order beyond those illustrating or describing is implemented.Additionally, term " includes " and " having " and they
Any deformation, it is intended that cover non-exclusive comprising, such as, contain series of steps or the process of unit, side
Method, system, product or equipment are not necessarily limited to those steps or the unit clearly listed, but can include the clearest
List or for intrinsic other step of these processes, method, product or equipment or unit.
Embodiment 1
According to embodiments of the present invention, additionally provide the embodiment of the method for the leak detection method of a kind of application program, need
Illustrate, can be in the department of computer science of such as one group of computer executable instructions in the step shown in the flow chart of accompanying drawing
System performs, and, although show logical order in flow charts, but in some cases, can be with difference
Step shown or described by performing in order herein.
The embodiment of the method that the embodiment of the present application one is provided can be in mobile terminal, terminal or similar fortune
Calculate in device and perform.As a example by running on computer terminals, Fig. 2 is that the one of the embodiment of the present invention should for realization
Hardware block diagram with the terminal of the leak detection method of program.As in figure 2 it is shown, terminal 20
Can include that one or more (only illustrating one in figure) (processor 202 can include but not limited to processor 202
The processing means of Micro-processor MCV or PLD FPGA etc.), for store data memorizer 204,
And the transmitting device 206 for communication function.It will appreciated by the skilled person that the structure shown in Fig. 2
Being only signal, the structure of above-mentioned electronic installation is not caused restriction by it.Such as, terminal 20 may also include ratio
Assembly more or less shown in Fig. 2, or there is the configuration different from shown in Fig. 2.
Memorizer 204 can be used for storing software program and the module of application software, such as the application in the embodiment of the present invention
Programmed instruction/module that the leak detection method of program is corresponding, processor 202 is stored in memorizer 204 by operation
Interior software program and module, thus perform the application of various function and data process, i.e. realize above-mentioned application journey
The leak detection method of sequence.Memorizer 204 can include high speed random access memory, may also include nonvolatile memory,
Such as one or more magnetic storage device, flash memory or other non-volatile solid state memories.In some instances,
Memorizer 204 can farther include the memorizer remotely located relative to processor 202, and these remote memories are permissible
It is connected to terminal 20 by network.The example of above-mentioned network include but not limited to the Internet, intranet,
LAN, mobile radio communication and combinations thereof.
Transmitting device 206 is for receiving via a network or sending data.Above-mentioned network instantiation can include
The wireless network that the communication providers of terminal 20 provides.In an example, transmitting device 206 includes one
Network adapter (Network Interface Controller, NIC), they can be by base station and other network equipments
It is connected thus communication can be carried out with the Internet.In an example, transmitting device 206 can be radio frequency (Radio
Frequency, RF) module, it is for wirelessly carrying out communication with the Internet.
Under above-mentioned running environment, this application provides the leak detection method of application program as shown in Figure 3.Fig. 3
It it is the flow chart of the leak detection method of the application program of according to embodiments of the present invention.As it is shown on figure 3, the method bag
Include:
Step S302, is converted to code file by the installation file of application program to be detected;
For this process step, can be realized by the solution in correlation technique, such as, for Android application journey
The installation package file of sequence, (Android Package is referred to as by the installation kit of application program can to pass through APKTool
APK) file is converted into smali code;Wherein, APKTool is the APK compilation tool that Google (GOOGLE) provides,
Can decompiling and return compiling apk, the framework-res framework required for anti-compiler apk is installed simultaneously,
The functions such as cleaning decompiling file, a kind of .dex that smali is used by Java Virtual Machine in Android system (Dalvik)
The assembler of formatted file.By step S302, it is achieved that installation package file is converted to code file, for follow-up
Static analysis provides foundation.
It should be noted that above-mentioned code file is not limited to assembling file, it is also possible to show as the ends such as source code file
Layer identification code file (the most executable code file).In actual applications, owing to source code file is difficult to obtain, permissible
Preferentially be converted to assembly code file etc..
Step S304, obtains the description information of specified function, and wherein, this specified function is for reflecting appointment behavior
Function.
Alternatively, during performing step S304, a step searching above-mentioned specified function can be included, i.e.
The function for reflecting appointment behavior can be searched from above-mentioned code file;Can certainly be in concrete Hole Detection
During do not perform this finding step.
Appointment behavior herein can show as the function type performed by function, i.e. type function.This process is walked
Suddenly, for different types of Hole Detection, it is possible to use for reflecting the function of different behavior, such as at detection dos
During leak, can detect by the api function in the assembling file utilizing application program installation kit to be converted to.
Alternatively, the acquisition mode above-mentioned specified function being described to information has multiple, such as can be from network side
Increase income and document obtains the description information of above-mentioned function, specifically can be from above-mentioned document of increasing income by the way of web crawlers
In crawl foregoing description information.For ease of understanding, below to utilize the api function detection dos in Android application program
Illustrate as a example by leak:
The API that may return null value (NULL) is found out in Google Android API document.Due to Google
The API document of Android is disclosed, and uniform format, Description standard, therefore, it can by capturing these
Document and analyze content therein find out may return NULL API.
Such as: utilize the return value description information in following procedure to determine required API:
public Bundle getBundleExtra(String name)
Retrieve extended data from the intent.
Parameters
name The name of the des ired item.
Returns
the value of an item that previous ly added wi th putExtra()or null if no Bundle value was found.
See Also
Putextra (String, Bundle)
It is above the program in one section of Google API document, document describes this letter of getBundleExtra
Parameter, function and the return value of number.Wherein return value part (dashed part) and explicitly point out the possible return of this function
Null, owing to the API document format of Google is standard of comparison and specification, likely returns the API of null
In return value describes, (dashed part see in said procedure code) will be described, therefore, it can by simple literary composition
This way of search finds out the API that may return null, whether there is DOS leak for subsequent authentication.
After having determined the document of increasing income of use, it is alternatively possible to determined by following steps and may return null's
Api function: 1. by crawler capturing Android API document;2. analyze the return value of each API, find possibility
Return the API of NULL.
Step S306, according to foregoing description information, determines in code file and specifies the first kind describing information matches
Function, and according to above-mentioned first kind function, the leak of above-mentioned application program is detected.
Still illustrating as a example by identifying dos leak in step S304, the appointment in this step S306 describes letter
It is null that breath can show as return value, and above-mentioned first kind function can show as return value may be for the API of null
Function, but it is not limited to this.
Alternatively, in step S306, according to above-mentioned first kind function, the leak of above-mentioned application program being carried out detection can
To be accomplished by, but it is not limited to this: build the first controlling stream graph CFG of above-mentioned first kind function place branch
(it is called for short: a CFG), and add up the Equations of The Second Kind function in all above-mentioned first kind functions with specific characteristic value;?
An above-mentioned CFG searches the branch at above-mentioned Equations of The Second Kind function place, and judges whether above-mentioned branch has carried out exception
Reason, when judged result is for being, it is determined that above-mentioned application program does not exist leak;When above-mentioned judged result is no,
Then determine that above-mentioned application program exists leak.Alternatively, above-mentioned abnormality processing to show as following form, but can not limit
In this: when being provided for indicating present instruction exception, jump to jump instruction or the call instruction of other instructions.
It should be noted that above-mentioned specific characteristic value can show as the same characteristic features value that same class function is had, example
Such as the return value of function, such as, likely can determine above-mentioned Equations of The Second Kind function for empty eigenvalue by searching return value,
But it is not limited to this kind of form of expression.
In one alternate embodiment, the generation process of a CFG is: by Android application program installation kit (APK)
Change into Smali code, and generated the CFG of application program by static code analysis.Wherein, CFG be one with should
Being the directed graph of node with program code, the direction on limit represents call direction, i.e. the execution direction of program.Such as Fig. 4 institute
Show, comprise the following steps:
Step S402. solves the smali code in APK by apktool;
Step S404. branching logic based on the function calling relationship in Smali and code generates CFG.Specifically,
This step can be realized by procedure below:
1. smali code is broken into a lot of blocks (chunk).One chunk is the maximum that code is performed serially
Unit.I.e. running into branch in code and redirect (circulation is also the one that conditional branching redirects), function call etc. can change
Terminate current chunk during the instruction of program execution flow, and start next chunk.Each chunk has one
Individual unique id, is also their entrance, is a skew relative to function initial address.For jump instruction
Or function call instruction can calculate the most possible follow-up of current chunk by the operand of analysis instruction
chunk id。
2. these chunk are docking together by the value of self id and follow-up chunk id, i.e. construct CFG.
Wherein, based on above-mentioned processing procedure, the schematic diagram of the CFG that can build, it should be noted that herein
For ease of understanding, each branch of following CFG have employed the description of natural language, and unused code table shows, in reality
During application, each step can show as realizing the code of following functions.As shown in Figure 5:
1, obtain incoming intent, check whether intent comprises parameter, if it is, go to step 2, otherwise turns
Step 4;
2, get parms from intent, unsteady state operation or self defined class;
3, the method calling class;
4, program is terminated.
In one alternate embodiment, when an above-mentioned CFG searches the branch at above-mentioned Equations of The Second Kind function place, can
To be realized by procedure below, but it is not limited to this: according to preset rules, the branch in an above-mentioned CFG is filtered,
Obtain the 2nd CFG;The branch at above-mentioned Equations of The Second Kind function place is searched in above-mentioned 2nd CFG.Wherein, above-mentioned default
Rule can set flexibly according to practical situation, such as, can the branch in the most above-mentioned CFG carry out
Filter: delete specifying node and being only capable of by the node of this appointment node connection in an above-mentioned CFG, wherein, be somebody's turn to do
Specifying function corresponding to node is only out-degree and do not have the function of in-degree.With application program based on Android system it is
Example illustrates.
Branch is filtered, is also called CFG beta pruning.Application program in android system has specific function
Entrance, needing to find out only out-degree in CFG does not has the node of in-degree.If the function of this node is not known journey
All points that can only be connected by this node are just removed by sequence entrance.This makes it possible to ensure remaining node in CFG
It is all can be called by external program (such as the program of assailant).Specifically can be realized by following steps:
1. sum up the application program entry function of android system
2. find out only out-degree in CFG and there is no the point of in-degree
3. judge that this point is entrance function
4. travel through all child nodes of present node, delete all points that can only be connected by this node
In one alternate embodiment, it is judged that whether the branch of CFG has done abnormality processing can be accomplished by:
Travel through the branch in all CFG;Search and contain the branch that may return NULL;Judge whether this branch has done different
Often process.
By above-described embodiment it can be seen that the leak detection method of the application program of embodiment of the present invention offer can be used
In detection DOS leak, now, for reflecting that the function of appointment behavior can be api function in the embodiment of the present invention.
It should be noted that the technical scheme that the embodiment of the present invention provides can run on different mobile terminal operations it is
System, i.e. may be used for detecting the leak of application program based on different operating system, and this operating system includes but not limited to:
Android (Android) operating system, iOS operating system, Symbian, Windows Phone operating system and
BlackBerry OS operating system etc..
In the present embodiment, use and the installation file of application program is converted to code file and looks into from this code file
Look for the function for reflecting appointment behavior, and according to the information of description and the first kind function pair specifying description information matches
The leak of application program carries out the mode detected, and has reached to carry out the purpose of Hole Detection by the way of static analysis,
Simultaneously as each branch in above-mentioned code file can be carried out traversal detection, therefore, it can so that detection knot
Fruit is the most comprehensive, and then solves the technical problems such as Hole Detection scheme exists that efficiency is low and testing result is the most comprehensive.
It should be noted that for aforesaid each method embodiment, in order to be briefly described, therefore it is all expressed as one it be
The combination of actions of row, but those skilled in the art should know, the present invention not limiting by described sequence of movement
System, because according to the present invention, some step can use other orders or carry out simultaneously.Secondly, art technology
Personnel also should know, embodiment described in this description belongs to preferred embodiment, involved action and module
Not necessarily necessary to the present invention.
Through the above description of the embodiments, those skilled in the art is it can be understood that arrive according to above-mentioned enforcement
The method of example can add the mode of required general hardware platform by software and realize, naturally it is also possible to by hardware, but
In the case of Hen Duo, the former is more preferably embodiment.Based on such understanding, technical scheme substantially or
Saying that the part contributing prior art can embody with the form of software product, this computer software product is deposited
Storage is in a storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions with so that a station terminal
Equipment (can be mobile phone, computer, server, or the network equipment etc.) performs described in each embodiment of the present invention
Method.
Embodiment 2
The present embodiment illustrates as a example by the DOS leak detecting application program based on Android operation system, but needs
The scheme being noted that in the present embodiment is not limited to be applied to the applying detection of Android operation system, is also not necessarily limited to
DOS leak.The main design idea of the present embodiment is, filters out spy by official document's (document of i.e. increasing income)
Determine API, and in this, as the foundation of detection DOS leak, i.e. for the operating system increased income, according to increasing income in document
Specific API interested is found out in the behavior of system API described, and combines some other methods based on these API real
Now specific function (the DOS Hole Detection as in the present embodiment).Mainly include procedure below: 1. based on static generation
Code produces CFG (Controll Flow Graph);2., by static analysis beta pruning, filter out and may be called by the external world
The API branch arrived;3. combine the Google Android potential API causing DOS leak of API document identification;4. sentence
Whether disconnected branch has carried out abnormality processing.Specifically, as shown in Figure 6, the application program that the embodiment of the present invention provides
Leak detection method includes following process step:
Step S602, uses apktool that apk is converted into smali code;
Step S604, by analyzing smali code construction CFG.This step is mainly by Android application program (APK)
Change into Smali code, and generated the CFG of application program by static code analysis.CFG be one with application program
Code is the directed graph of node, and the direction on limit represents call direction, i.e. the execution direction of program.Implement process such as
Under: 1, smali code is broken into a lot of chunk.One chunk is the largest unit that code is performed serially.
I.e. running into branch in code and redirect (circulation is also the one that conditional branching redirects), function call etc. can be held by reprogramming
Terminate current chunk during the instruction of row flow process, and start next chunk.Each chunk has one uniquely
Id, be also entrance, be a skew relative to function initial address.Jump instruction or function call are referred to
Order can calculate the most possible follow-up chunk id of current chunk by the operand of analysis instruction.
2. these chunk are docking together by the value of self id and follow-up chunk id, i.e. construct CFG.
Step S606, extracts the branch at all entrance function places, forms new CFG.In android system
Application program has specific function entrance, and finding out only out-degree in CFG does not has the node of in-degree.If this node
Function be not known program entry, just all points that can only be connected by this node are removed.This makes it possible to protect
In card CFG, remaining node is all can be called by external program (such as the program of assailant).
Step S608, crawls the Android API document of Google by HTTP request.This part is mainly from Google
Android API document is found out the API that may return NULL.Owing to the API document of Google Android is public
Open, and uniform format, Description standard, it is possible to by capturing these documents and analyzing content therein and look for
Go out the API that may return NULL, such as, can be determined by the return value description information in document and return NULL's
Api function.
Step S610, is stored in local data base (can simply store) with document form by document.This step can also
Realized by the form of caching, will be stored in caching by document, and the time-to-live etc. of document is set.
Step S612, finds out the API that may return NULL by character string search.
Step S614, finds out target API list (target API list), i.e. utilizes these API to construct possibility
Cause the API list of DOS leak.
Step S616, carries out branch filter (branch filter), i.e. finds out in CFG and comprises dividing of dangerous API
?.
Step S618, carries out try/catch parser process, i.e. judges whether this branch has done abnormality processing.
The embodiment of the present invention combines Google API document by the way of static and finds to exist the entrance of leak.Due to
It is static analysis, it is possible to ensure to traverse all of application program branch, and relative to Fuzz mode, static
Analysis has higher efficiency, and the leak detected can be accurately positioned.The computing of each step of the embodiment of the present invention is all
Determine that the carrying out practically situation relying on program relative to Fuzz present invention can ensure that to find and likely produces
The point of DOS leak.
Embodiment 3
According to embodiments of the present invention, additionally provide the Hole Detection device of a kind of application program for implementing said method,
This device can run in the mobile terminal described in embodiment 1, terminal or similar arithmetic unit,
But it is not limited to function or the structure of above-mentioned arithmetic unit in embodiment 1.As it is shown in fig. 7, this device includes:
Modular converter 70, for being converted to code file by the installation file of application program to be detected.Real for this module
Existing function, can be realized by the solution in correlation technique, such as, for the installation kit of Android application program
File, can be by APKTool by installation kit (Android Package, the referred to as APK) file of application program
It is converted into smali code, but is not limited to this kind of implementation.
Acquisition module 72, is connected to modular converter 70, for obtaining the description information of specified function.Nominated bank herein
For the function type performed by function, i.e. type function can be shown as.For this process step, for dissimilar
Hole Detection, it is possible to use for reflecting the function of different behavior, such as when detecting dos leak, can be in profit
Api function in the assembling file being converted to application program installation kit detects.Alternatively, acquisition module 72
Obtain above-mentioned specified function description information have multiple, such as can obtain above-mentioned letter from the document of increasing income of network side
The description information of number, specifically can crawl foregoing description information by the way of web crawlers from above-mentioned document of increasing income,
Now, for ease of capturing foregoing description information, it is possible to use describe information standard of comparison and the document of specification.
Detection module 74, is connected to acquisition module 72, for according to foregoing description information, true in above-mentioned code file
The fixed first kind function describing information matches with appointment, and according to the above-mentioned first kind function leak to above-mentioned application program
Detect.
Alternatively, as shown in Figure 8, detection module 74, it is also possible to include following processing unit, but be not limited to this:
Construction unit 740, builds the first controlling stream graph CFG of above-mentioned first kind function place branch;
Illustrate as a example by application program based on Android operation system, in one alternate embodiment, a CFG
Building process be: Android application program installation kit (APK) is changed into Smali code, and by static generation
Code division analysis generates the CFG of application program.Wherein, CFG is a directed graph with application code as node, limit
Direction represents call direction, i.e. the execution direction of program.Specifically can show as following process step, but be not limited to this:
The smali code in APK is solved by apktool;Based on the function calling relationship in Smali and code point
Prop up logic and generate CFG.Specifically, this step can be realized by procedure below:
1. smali code is broken into a lot of blocks (chunk).One chunk is the maximum that code is performed serially
Unit.I.e. running into branch in code and redirect (circulation is also the one that conditional branching redirects), function call etc. can change
Terminate current chunk during the instruction of program execution flow, and start next chunk.Each chunk has one
Individual unique id, is also their entrance, is a skew relative to function initial address.For jump instruction
Or function call instruction can calculate the most possible follow-up of current chunk by the operand of analysis instruction
chunk id.2. these chunk are docking together by the value of self id and follow-up chunk id, i.e. construct
CFG。
Statistic unit 742, for adding up the Equations of The Second Kind function in all above-mentioned first kind functions with specific characteristic value;
Alternatively, above-mentioned specific characteristic value can show as the same characteristic features value that same class function is had, returning of such as function
Return value, such as, likely can determine above-mentioned Equations of The Second Kind function for empty eigenvalue by searching return value, but be not limited to
This kind of form of expression.
Detector unit 744, is connected to construction unit 740 and statistic unit 742, for searching in an above-mentioned CFG
The branch at above-mentioned Equations of The Second Kind function place, and judge whether the branch at above-mentioned Equations of The Second Kind function place has carried out abnormality processing,
When judged result is for being, it is determined that above-mentioned application program does not exist leak;When above-mentioned judged result is no, the most really
There is leak in fixed above-mentioned application program.Optionally, above-mentioned abnormality processing to show as following form, but can be not limited to this:
It is provided for indicating when present instruction exception, jumps to jump instruction or the call instruction of other instructions.
Equations of The Second Kind function place branch is searched in a CFG for detector unit 744, in order to improve efficiency and detection
Accuracy, detector unit 744, be additionally operable to according to preset rules, the branch in an above-mentioned CFG be filtered,
Obtain the 2nd CFG;And in above-mentioned 2nd CFG, search the branch at above-mentioned Equations of The Second Kind function place.Below with based on
Illustrate as a example by the application program of Android system.
Branch is filtered, is also called CFG beta pruning.Application program in android system has specific function
Entrance, needing to find out only out-degree in CFG does not has the node of in-degree.If the function of this node is not known journey
All points that can only be connected by this node are just removed by sequence entrance.This makes it possible to ensure remaining node in CFG
It is all can be called by external program (such as the program of assailant).Specifically can be realized by following steps:
1. sum up the application program entry function of android system;
2. find out only out-degree in CFG and there is no the point of in-degree;
3. judge that this point is entrance function;
4. travel through all child nodes of present node, delete all points that can only be connected by this node.
In one alternate embodiment, it is judged that whether the branch of CFG has done abnormality processing can be accomplished by:
Travel through the branch in all CFG;Search and contain the branch that may return NULL;Judge whether this branch has done different
Often process.
Such as, detector unit 744, it is additionally operable to the appointment node deleted in an above-mentioned CFG and is only capable of by this appointment
The node of node connection, wherein, this function corresponding to appointment node is only out-degree and do not have the function of in-degree.This
Sample, has just carried out beta pruning process to a CFG, improves recall precision and accuracy.
In one alternate embodiment, acquisition module 72, it is additionally operable to from the document of increasing income of network side obtain specified function
Description information.
Modules involved in the present embodiment can be by what correspondingly software or hardware realized, for the latter,
Such as can realize in the following ways, but be not limited to this: modular converter 70, acquisition module 72 and detection module 74
It is respectively positioned in same processor;Or, modular converter 70, acquisition module 72 and detection module 74 lay respectively at first
In processor, the second processor and the 3rd processor;Or, modular converter 70 and acquisition module 72 are positioned at same place
In reason device, detection module 74 is positioned in another processor;Or, acquisition module 72 and detection module 74 are positioned at same
In processor, and modular converter 70 is positioned in another processor, but is not limited to combinations thereof mode.
By the Hole Detection device of the application program that the embodiment of the present invention provides, equally reach to pass through static analysis
Mode carry out the purpose of Hole Detection, simultaneously as what each step all determined that, therefore, it can so that detection knot
Fruit is the most comprehensive, and then solves the technical problems such as Hole Detection scheme exists that efficiency is low and testing result is the most comprehensive.
Embodiment 4
Embodiments of the invention can provide a kind of terminal, and this terminal can be in terminal group
Any one computer terminal.Alternatively, in the present embodiment, above computer terminal can also replace with
The terminal units such as mobile terminal.
Alternatively, in the present embodiment, during above computer terminal may be located at multiple network equipments of computer network
At least one network equipment.
In the present embodiment, following steps during above computer terminal can perform the leak detection method of application program
Program code: the installation file of application program to be detected is converted to code file;Obtain the description information of specified function,
Wherein, above-mentioned specified function is the function for reflecting appointment behavior;According to foregoing description information, at above-mentioned code literary composition
Part determines and specifies the first kind function describing information matches, and according to above-mentioned first kind function to above-mentioned application program
Leak detect.
Alternatively, Fig. 9 is the structured flowchart of a kind of terminal according to embodiments of the present invention.As it is shown in figure 9,
This terminal A may include that one or more (only illustrating one in figure) processor 91, memorizer 93, with
And transmitting device 95.
Wherein, memorizer 93 can be used for storing software program and module, as the security breaches in the embodiment of the present invention are examined
Survey programmed instruction/module that method and apparatus is corresponding, the software journey that processor 91 is stored in memorizer 93 by operation
Sequence and module, thus perform the application of various function and data process, i.e. realize the inspection that above-mentioned system vulnerability is attacked
Survey method.Memorizer 93 can include high speed random access memory, it is also possible to includes nonvolatile memory, such as one or
Multiple magnetic storage devices, flash memory or other non-volatile solid state memories.In some instances, memorizer 93
Can farther include the memorizer remotely located relative to processor 91, these remote memories can be connected by network
To terminal A.The example of above-mentioned network includes but not limited to the Internet, intranet, LAN, mobile radio communication
And combinations thereof.
Above-mentioned transmitting device 95 is for receiving via a network or sending data.Above-mentioned network instantiation can
Including cable network and wireless network.In an example, transmitting device 95 includes a network adapter (Network
Interface Controller, NIC), it can be connected with router by netting twine and other network equipments thus can be with
The Internet or LAN carry out communication.In an example, transmitting device 95 be radio frequency (Radio Frequency,
RF) module, it is for wirelessly carrying out communication with the Internet.
Wherein, specifically, memorizer 93 is for storing deliberate action condition and the information of default access user, Yi Jiying
Use program.
Processor 91 can call information and the application program of memorizer 93 storage by transmitting device, following to perform
Step: the installation file of application program to be detected is converted to code file;Obtain the description information of specified function, its
In, above-mentioned specified function is the function for reflecting appointment behavior;According to foregoing description information, in above-mentioned code file
The middle first kind function determined and specify description information matches, and according to above-mentioned first kind function to above-mentioned application program
Leak detects.
Optionally, above-mentioned processor 91 can also carry out the program code of following steps: builds above-mentioned first kind function institute
At the first controlling stream graph CFG of branch, and add up the Equations of The Second Kind in all above-mentioned first kind functions with specific characteristic value
Function;In an above-mentioned CFG, search the branch at above-mentioned Equations of The Second Kind function place, and judge above-mentioned Equations of The Second Kind function institute
Branch whether carried out abnormality processing, when judged result is for being, it is determined that there is not leak in above-mentioned application program;
When above-mentioned judged result is no, it is determined that above-mentioned application program exists leak.Alternatively, " abnormality processing " herein
Can show themselves in that and be provided for indicating when present instruction exception, jump to jump instructions of other instructions or call
Instruction.
Optionally, above-mentioned processor 91 can also carry out the program code of following steps: according to preset rules to above-mentioned
Branch in one CFG filters, and obtains the 2nd CFG;Above-mentioned Equations of The Second Kind function institute is searched in above-mentioned 2nd CFG
Branch.
Optionally, above-mentioned processor 91 can also carry out the program code of following steps: deletes in an above-mentioned CFG
Specifying node and be only capable of by the node of this appointment node connection, wherein, this function corresponding to appointment node is for only having
Out-degree and do not have the function of in-degree.
Optionally, above-mentioned processor 91 can also carry out the program code of following steps: increasing income document from network side
Obtain the description information of above-mentioned specified function, such as, can crawl above-mentioned by the way of web crawlers from document of increasing income
Description information.
Use the embodiment of the present invention, it is provided that a kind of description information inspection utilizing static code to combine wherein involved function
Survey the scheme of the leak of application program.Solve Hole Detection scheme and have that efficiency is low and the incomplete skill of testing result
Art problem.
It will appreciated by the skilled person that the structure shown in Fig. 9 is only signal, terminal can also be
Smart mobile phone (such as Android phone, iOS mobile phone etc.), panel computer, applause computer and mobile internet device
The terminal unit such as (Mobile Internet Devices, MID), PAD.Fig. 9 its not to above-mentioned electronic installation
Structure causes restriction.Such as, terminal A may also include the assembly more or more less than shown in Fig. 9 (as
Network interface, display device etc.), or there is the configuration different from shown in Fig. 9.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is permissible
Carrying out the device-dependent hardware of command terminal by program to complete, this program can be stored in a computer-readable storage medium
In matter, storage medium may include that flash disk, read only memory (Read-Only Memory, ROM), deposits at random
Take device (Random Access Memory, RAM), disk or CD etc..
Embodiment 4
Embodiments of the invention additionally provide a kind of storage medium.Alternatively, in the present embodiment, above-mentioned storage medium
May be used for preserving the program code performed by leak detection method of the application program that above-described embodiment one is provided.
Alternatively, in the present embodiment, during above-mentioned storage medium may be located at computer network Computer terminal group
In any one terminal, or it is positioned in any one mobile terminal in mobile terminal group.
Alternatively, in the present embodiment, storage medium is arranged to storage for the program code performing following steps:
The installation file of application program to be detected is converted to code file;The description information of acquisition specified function, wherein, on
Stating specified function is the function for reflecting appointment behavior;According to foregoing description information, determine in above-mentioned code file
With specify the first kind function describing information matches, and according to above-mentioned first kind function, the leak of above-mentioned application program is entered
Row detection.
Optionally, above-mentioned storage medium can also carry out the program code of following steps: builds above-mentioned first kind function institute
At the first controlling stream graph CFG of branch, and add up the Equations of The Second Kind in all above-mentioned first kind functions with specific characteristic value
Function;In an above-mentioned CFG, search the branch at above-mentioned Equations of The Second Kind function place, and judge above-mentioned Equations of The Second Kind function institute
Branch whether carried out abnormality processing, when judged result is for being, it is determined that there is not leak in above-mentioned application program;
When above-mentioned judged result is no, it is determined that above-mentioned application program exists leak.Alternatively, " abnormality processing " herein
Can show themselves in that and be provided for indicating when present instruction exception, jump to jump instructions of other instructions or call
Instruction.
Optionally, above-mentioned storage medium can also carry out the program code of following steps: according to preset rules to above-mentioned
Branch in one CFG filters, and obtains the 2nd CFG;Above-mentioned Equations of The Second Kind function institute is searched in above-mentioned 2nd CFG
Branch.
Optionally, above-mentioned storage medium can also carry out the program code of following steps: deletes in an above-mentioned CFG
Specifying node and be only capable of by the node of this appointment node connection, wherein, this function corresponding to appointment node is for only having
Out-degree and do not have the function of in-degree.
Optionally, above-mentioned storage medium can also carry out the program code of following steps: increasing income document from network side
Obtain the description information of above-mentioned specified function, such as, can crawl above-mentioned by the way of web crawlers from document of increasing income
Description information.
Herein it should be noted that any one in above computer terminal group can be with Website server and scanning device
Set up correspondence, the value order of the weblication that scanning device can perform with php in scanning computer terminal.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
In the above embodiment of the present invention, the description to each embodiment all emphasizes particularly on different fields, and does not has in certain embodiment
The part described in detail, may refer to the associated description of other embodiments.
In several embodiments provided herein, it should be understood that disclosed entity device, can be passed through other
Mode realize.Wherein, device embodiment described above is only schematically, the division of the most described unit,
Being only a kind of logic function to divide, actual can have other dividing mode, the most multiple unit or assembly when realizing
Can in conjunction with or be desirably integrated into another system, or some features can be ignored, or does not performs.Another point, institute
The coupling each other shown or discuss or direct-coupling or communication connection can be by some interfaces, unit or mould
The INDIRECT COUPLING of block or communication connection, can be being electrical or other form.
The described unit illustrated as separating component can be or may not be physically separate, shows as unit
The parts shown can be or may not be physical location, i.e. may be located at a place, or can also be distributed to
On multiple NEs.Some or all of unit therein can be selected according to the actual needs to realize the present embodiment
The purpose of scheme.
It addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it is also possible to
It is that unit is individually physically present, it is also possible to two or more unit are integrated in a unit.Above-mentioned integrated
Unit both can realize to use the form of hardware, it would however also be possible to employ the form of SFU software functional unit realizes.
If described integrated unit is using the form realization of SFU software functional unit and as independent production marketing or use,
Can be stored in a computer read/write memory medium.Based on such understanding, technical scheme essence
On the part that in other words prior art contributed or this technical scheme completely or partially can be with software product
Form embodies, and this computer software product is stored in a storage medium, including some instructions with so that one
Platform computer equipment (can be for personal computer, server or the network equipment etc.) performs each embodiment institute of the present invention
State all or part of step of method.And aforesaid storage medium includes: USB flash disk, read only memory (ROM, Read-Only
Memory), random access memory (RAM, Random Acces s Memory), portable hard drive, magnetic disc or CD
Etc. the various media that can store program code.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For Yuan, under the premise without departing from the principles of the invention, it is also possible to make some improvements and modifications, these improve and profit
Decorations also should be regarded as protection scope of the present invention.
Claims (15)
1. the leak detection method of an application program, it is characterised in that including:
The installation file of application program to be detected is converted to code file;
Obtaining the description information of specified function, wherein, described specified function is the function for reflecting appointment behavior;
According to described description information, determine in described code file and specify the first kind letter describing information matches
Number, and according to described first kind function, the leak of described application program is detected.
Method the most according to claim 1, it is characterised in that according to described first kind function to described application program
Leak detect, including:
Build the first controlling stream graph CFG of described first kind function place branch, and add up all described first kind
Function has the Equations of The Second Kind function of specific characteristic value;
In a described CFG, search the branch at described Equations of The Second Kind function place, and judge described Equations of The Second Kind function
Whether the branch at place has carried out abnormality processing, when judged result is for being, it is determined that described application program is not deposited
At leak;When described judged result is no, it is determined that described application program exists leak.
Method the most according to claim 2, it is characterised in that described abnormality processing includes:
It is provided for indicating when present instruction exception, jumps to jump instruction or the call instruction of other instructions.
Method the most according to claim 2, it is characterised in that search described Equations of The Second Kind letter in a described CFG
The branch at number place, including:
According to preset rules, the branch in a described CFG is filtered, obtain the 2nd CFG;
The branch at described Equations of The Second Kind function place is searched in described 2nd CFG.
Method the most according to claim 4, it is characterised in that according to preset rules to dividing in a described CFG
Zhi Jinhang filters, including:
Delete the appointment node in a described CFG and be only capable of by the node of this appointment node connection, wherein,
This function corresponding to appointment node is only out-degree and do not have the function of in-degree.
Method the most according to claim 2, it is characterised in that described specific characteristic value includes: described first kind letter
The return value of number.
Method the most according to claim 1, it is characterised in that obtain the description information of specified function, including:
The description information of described specified function is obtained from the document of increasing income of network side.
Method the most according to claim 7, it is characterised in that obtain described appointment from the document of increasing income of network side
The description information of function, including:
From described document of increasing income, described description information is obtained by the way of web crawlers.
Method the most according to any one of claim 1 to 8, it is characterised in that described for reflecting appointment behavior
Function be api function, and/or described leak for refusal service DOS leak.
10. the Hole Detection device of an application program, it is characterised in that including:
Modular converter, for being converted to code file by the installation file of application program to be detected;
Acquisition module, for obtaining the description information of specified function, wherein, described specified function is for being used for reflecting
The function of appointment behavior;
Detection module, for according to described description information, determines in described code file and specifies description information
The first kind function of coupling, and according to described first kind function, the leak of described application program is detected.
11. devices according to claim 10, it is characterised in that described detection module, including:
Construction unit, builds the first controlling stream graph CFG of described first kind function place branch;
Statistic unit, for adding up the Equations of The Second Kind function in all described first kind functions with specific characteristic value;
Detector unit, for searching the branch at described Equations of The Second Kind function place in a described CFG, and judges
Whether the branch at described Equations of The Second Kind function place has carried out abnormality processing, when judged result is for being, it is determined that institute
State application program and there is not leak;When described judged result is no, it is determined that described application program exists leak.
12. devices according to claim 11, it is characterised in that described abnormality processing includes: be provided for indicating
During present instruction exception, jump to jump instruction or the call instruction of other instructions.
13. devices according to claim 11, it is characterised in that described detector unit, are additionally operable to according to preset rules
Branch in a described CFG is filtered, obtains the 2nd CFG;And search in described 2nd CFG
The branch at described Equations of The Second Kind function place.
14. devices according to claim 13, it is characterised in that described detector unit, are used for deleting described first
Specifying node and being only capable of by the node of this appointment node connection, wherein, corresponding to this appointment node in CFG
Function be only out-degree and do not have the function of in-degree.
15. devices according to claim 10, it is characterised in that described acquisition module, are additionally operable to opening from network side
Source document obtains the description information of specified function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510289736.XA CN106295348B (en) | 2015-05-29 | 2015-05-29 | Vulnerability detection method and device for application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510289736.XA CN106295348B (en) | 2015-05-29 | 2015-05-29 | Vulnerability detection method and device for application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106295348A true CN106295348A (en) | 2017-01-04 |
| CN106295348B CN106295348B (en) | 2020-04-10 |
Family
ID=57656070
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510289736.XA Active CN106295348B (en) | 2015-05-29 | 2015-05-29 | Vulnerability detection method and device for application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106295348B (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108959931A (en) * | 2017-05-24 | 2018-12-07 | 阿里巴巴集团控股有限公司 | Leak detection method and device, information interacting method and equipment |
| CN110378107A (en) * | 2019-07-25 | 2019-10-25 | 腾讯科技(深圳)有限公司 | A kind of method and relevant apparatus of installation kit detection |
| CN110471662A (en) * | 2019-08-21 | 2019-11-19 | 北京百度网讯科技有限公司 | Program conversion method, device and device |
| CN110581849A (en) * | 2019-09-06 | 2019-12-17 | 中国平安人寿保险股份有限公司 | method, device, equipment and storage medium for monitoring historical repaired bugs |
| CN111104671A (en) * | 2018-10-25 | 2020-05-05 | 阿里巴巴集团控股有限公司 | Application identification determining method and application detection method |
| CN111428238A (en) * | 2020-03-17 | 2020-07-17 | 成都国信安信息产业基地有限公司 | Android component-based denial of service test method, detection terminal and medium |
| CN112131573A (en) * | 2020-09-14 | 2020-12-25 | 深信服科技股份有限公司 | Method and device for detecting security vulnerability and storage medium |
| CN112527302A (en) * | 2019-09-19 | 2021-03-19 | 北京字节跳动网络技术有限公司 | Error detection method and device, terminal and storage medium |
| CN112540787A (en) * | 2020-12-14 | 2021-03-23 | 北京知道未来信息技术有限公司 | Program reverse analysis method and device and electronic equipment |
| CN113204498A (en) * | 2021-06-07 | 2021-08-03 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for generating fuzzy test driver for closed source function library |
| CN113626820A (en) * | 2021-06-25 | 2021-11-09 | 中国科学院信息工程研究所 | Known vulnerability positioning method and device for network equipment |
| CN115859292A (en) * | 2023-02-20 | 2023-03-28 | 卓望数码技术(深圳)有限公司 | Fraud-related APP detection system, judgment method and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101359352A (en) * | 2008-09-25 | 2009-02-04 | 中国人民解放军信息工程大学 | Obfuscated API Call Behavior Discovery and Malicious Judgment Method Based on Layered Collaboration |
| US7849509B2 (en) * | 2005-10-07 | 2010-12-07 | Microsoft Corporation | Detection of security vulnerabilities in computer programs |
| CN102779255A (en) * | 2012-07-16 | 2012-11-14 | 腾讯科技(深圳)有限公司 | Method and device for judging malicious program |
| CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and device for Android application program |
-
2015
- 2015-05-29 CN CN201510289736.XA patent/CN106295348B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7849509B2 (en) * | 2005-10-07 | 2010-12-07 | Microsoft Corporation | Detection of security vulnerabilities in computer programs |
| CN101359352A (en) * | 2008-09-25 | 2009-02-04 | 中国人民解放军信息工程大学 | Obfuscated API Call Behavior Discovery and Malicious Judgment Method Based on Layered Collaboration |
| CN102779255A (en) * | 2012-07-16 | 2012-11-14 | 腾讯科技(深圳)有限公司 | Method and device for judging malicious program |
| CN103793650A (en) * | 2013-12-02 | 2014-05-14 | 北京邮电大学 | Static analysis method and device for Android application program |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108959931A (en) * | 2017-05-24 | 2018-12-07 | 阿里巴巴集团控股有限公司 | Leak detection method and device, information interacting method and equipment |
| CN111104671B (en) * | 2018-10-25 | 2023-05-30 | 阿里巴巴集团控股有限公司 | Application identification determining method and application detection method |
| CN111104671A (en) * | 2018-10-25 | 2020-05-05 | 阿里巴巴集团控股有限公司 | Application identification determining method and application detection method |
| CN110378107A (en) * | 2019-07-25 | 2019-10-25 | 腾讯科技(深圳)有限公司 | A kind of method and relevant apparatus of installation kit detection |
| CN110378107B (en) * | 2019-07-25 | 2024-05-10 | 腾讯科技(深圳)有限公司 | Method and related device for detecting installation package |
| CN110471662A (en) * | 2019-08-21 | 2019-11-19 | 北京百度网讯科技有限公司 | Program conversion method, device and device |
| CN110581849A (en) * | 2019-09-06 | 2019-12-17 | 中国平安人寿保险股份有限公司 | method, device, equipment and storage medium for monitoring historical repaired bugs |
| CN110581849B (en) * | 2019-09-06 | 2022-11-11 | 中国平安人寿保险股份有限公司 | Method, device, equipment and storage medium for monitoring historical repaired bugs |
| CN112527302A (en) * | 2019-09-19 | 2021-03-19 | 北京字节跳动网络技术有限公司 | Error detection method and device, terminal and storage medium |
| CN112527302B (en) * | 2019-09-19 | 2024-03-01 | 北京字节跳动网络技术有限公司 | Error detection method and device, terminal and storage medium |
| CN111428238A (en) * | 2020-03-17 | 2020-07-17 | 成都国信安信息产业基地有限公司 | Android component-based denial of service test method, detection terminal and medium |
| CN111428238B (en) * | 2020-03-17 | 2023-11-07 | 成都国信安信息产业基地有限公司 | Android component-based service rejection testing method, detection terminal and medium |
| CN112131573A (en) * | 2020-09-14 | 2020-12-25 | 深信服科技股份有限公司 | Method and device for detecting security vulnerability and storage medium |
| CN112540787A (en) * | 2020-12-14 | 2021-03-23 | 北京知道未来信息技术有限公司 | Program reverse analysis method and device and electronic equipment |
| CN113204498A (en) * | 2021-06-07 | 2021-08-03 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for generating fuzzy test driver for closed source function library |
| CN113626820A (en) * | 2021-06-25 | 2021-11-09 | 中国科学院信息工程研究所 | Known vulnerability positioning method and device for network equipment |
| CN115859292A (en) * | 2023-02-20 | 2023-03-28 | 卓望数码技术(深圳)有限公司 | Fraud-related APP detection system, judgment method and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106295348B (en) | 2020-04-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106295348A (en) | The leak detection method of application program and device | |
| CN110210227B (en) | Risk detection method, device, equipment and storage medium | |
| US11019114B2 (en) | Method and system for application security evaluation | |
| Komisarek et al. | Machine Learning Based Approach to Anomaly and Cyberattack Detection in Streamed Network Traffic Data. | |
| US20220232040A1 (en) | Advanced cybersecurity threat mitigation using software supply chain analysis | |
| US7530105B2 (en) | Tactical and strategic attack detection and prediction | |
| CN105653956B (en) | Android malware classification method based on dynamic behavioral dependency graph | |
| CN114143015B (en) | Abnormal access behavior detection method and electronic device | |
| US20100077078A1 (en) | Network traffic analysis using a dynamically updating ontological network description | |
| Rizzo et al. | Unveiling web fingerprinting in the wild via code mining and machine learning | |
| Ibrahim et al. | Aot-attack on things: A security analysis of iot firmware updates | |
| KR102296215B1 (en) | Method For Recommending Security Requirements With Ontology Knowledge Base For Advanced Persistent Threat, Apparatus And System Thereof | |
| CN114528457B (en) | Web fingerprint detection method and related equipment | |
| CN105302707A (en) | Application vulnerability detection method and apparatus | |
| CN116155519A (en) | Threat warning information processing method, device, computer equipment and storage medium | |
| CN117454376A (en) | Industrial Internet data security detection response and tracing method and device | |
| CN106067879A (en) | The detection method of information and device | |
| RU2746685C2 (en) | Cybersecurity system with a differentiated ability to cope with complex cyber attacks | |
| CN114817928A (en) | Cyberspace data fusion analysis method, system, electronic device and storage medium | |
| Sajith et al. | RETRATCED ARTICLE: Network intrusion detection system using ANFIS classifier | |
| Kim | Potential risk analysis method for malware distribution networks | |
| CN106411951A (en) | Network attack behavior detection method and device | |
| CN115098702B (en) | Determination method and device of black product equipment and server | |
| CN116627466B (en) | A service path extraction method, system, equipment and medium | |
| CN119167360A (en) | A method for batch detection of malicious behavior of Android applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |